projects/usbcheck.it
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
190dd5724fef6a55b9f82498d1b920f0d06630d8
usbcheck.it/api/index.php
Lars Gebhardt-Kusche 6ff6879420 index
2025-11-30 23:27:42 +01:00

118 lines
3.4 KiB
PHP
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<?php
// /api/index.php
declare(strict_types=1);
$apibasedir = $_SERVER['DOCUMENT_ROOT'];
require $apibasedir . '/../config/fileload.php';
/*
|--------------------------------------------------------------------------
| CORS Dynamische Freigabe
|--------------------------------------------------------------------------
| WICHTIG: credentials:true verbietet Access-Control-Allow-Origin: *
| Darum erlauben wir nur explizite Frontend-Domains.
*/
$allowedOrigins = [
'https://staging.usbcheck.it',
'https://usbcheck.it',
'http://localhost', // optional für lokale Entwicklung
];
$origin = $_SERVER['HTTP_ORIGIN'] ?? '';
if (in_array($origin, $allowedOrigins, true)) {
// Dynamische Freigabe der erlaubten Domain
header("Access-Control-Allow-Origin: {$origin}");
header("Vary: Origin"); // wichtig gegen Proxy-Caching-Probleme
} else {
// Fallback: Staging-Domain
header("Access-Control-Allow-Origin: https://staging.usbcheck.it");
header("Vary: Origin");
}
// Weitere CORS-Header
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Allow-Methods: GET, POST, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');
// JSON Response Header
header('Content-Type: application/json; charset=utf-8');
// OPTIONS Preflight-Anfrage vorzeitig beenden
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
http_response_code(204);
exit;
}
/*
|--------------------------------------------------------------------------
| Routing vorbereiten
|--------------------------------------------------------------------------
*/
$uri = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH);
$path = rtrim($uri, '/');
if ($path === '') {
$path = '/';
}
/*
|--------------------------------------------------------------------------
| Root-Info (optional)
|--------------------------------------------------------------------------
*/
if ($path === '/') {
echo json_encode([
'ok' => true,
'service' => 'usbcheck-api',
'version' => 1,
'endpoints' => [
'/v1/quickcheck',
'/v1/browser.quick.test',
'/internal/* (geschützt)',
],
], JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE);
exit;
}
/*
|--------------------------------------------------------------------------
| Versioniertes Routing /v1/*
|--------------------------------------------------------------------------
*/
if (str_starts_with($path, '/v1/')) {
// alles hinter /v1/ in Segmente zerlegen
$rel = substr($path, strlen('/v1/')); // z.B. "browser.quick.test"
$rel = ltrim($rel, '/');
$segments = $rel === '' ? [] : explode('/', $rel);
require_once $apibasedir . '/router/router.v1.php';
router_v1_dispatch($segments);
exit;
}
/*
|--------------------------------------------------------------------------
| Internal API /internal/*
|--------------------------------------------------------------------------
*/
if (str_starts_with($path, '/internal/')) {
require_once $apibasedir . '/router/router.internal.php';
exit;
}
/*
|--------------------------------------------------------------------------
| Fallback: Unbekannter Bereich
|--------------------------------------------------------------------------
*/
http_response_code(404);
echo json_encode([
'ok' => false,
'error' => 'Unknown API area',
'path' => $path,
], JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE);
Reference in New Issue View Git Blame Copy Permalink